moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

curl_fnmatch: only allow 5 '*' sections in a single pattern 

... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivation.
This commit is contained in:
Daniel Stenberg 2018-01-16 15:55:44 +01:00
parent cb5accab9e
commit 2a1b2b4ef5
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/curl_fnmatch.c
View File

@ -301,7 +301,8 @@ fail:
return SETCHARSET_FAIL;
}
static int loop(const unsigned char *pattern, const unsigned char *string)
static int loop(const unsigned char *pattern, const unsigned char *string,
int maxstars)
{
loop_state state = CURLFNM_LOOP_DEFAULT;
unsigned char *p = (unsigned char *)pattern;
@ -313,11 +314,14 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
switch(state) {
case CURLFNM_LOOP_DEFAULT:
if(*p == '*') {
if(!maxstars)
return CURL_FNMATCH_NOMATCH;
while(*(p + 1) == '*') /* eliminate multiple stars */
p++;
if(*s == '\0' && *(p + 1) == '\0')
return CURL_FNMATCH_MATCH;
rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */
rc = loop(p + 1, s, maxstars - 1); /* *.txt matches .txt <=>
.txt matches .txt */
if(rc == CURL_FNMATCH_MATCH)
return CURL_FNMATCH_MATCH;
if(*s) /* let the star eat up one character */
@ -416,5 +420,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
if(!pattern || !string) {
return CURL_FNMATCH_FAIL;
}
return loop((unsigned char *)pattern, (unsigned char *)string);
return loop((unsigned char *)pattern, (unsigned char *)string, 5);
}